Some tools

Arte+7 downloader

Arte offers a nice service to watch broadcasts you weren't able to see on TV. This little script makes
it easy to download and archive the videos. Unfortunately, the service is limited to French and German residents.

Download

Github

Panasonic RW2 files lens distortion correction information

Panasonic includes lens distortion correction data in their RAW
files as an EXIF tag. Unfortunately, they did not release the
specification for this tag, which is really annoying for people willing
to use a RAW converter which is not vetted by Panasonic.

Inspired by the blog post "Dissecting Panasonic RW2 files",
I decided to take the plunge and finally find out
what's behind the format. The following command allows us to get the raw
hex bytes of the 0x119 tag, which includes the correction data:

The data is only 32 bytes long, which should make it quite easy to parse.
After some (err, a lot of) reverse engineering work, I finally understand enough
to write a parser: the data is in fact 16 short (16-bit) integers, represented
in little-endian order:

Unfortunately, more tests with lensfun got me confused, and for
example, trying the "poly3" model gives completely different results.
You can find below some tools which helped me reverse engineer the
format, including the code to fix checksums.

History

AirScan : a Nintendo DS Wi-Fi access point scanner

AirScan is a Wi-Fi scanning utility for the Nintendo DS. It offers various
filtering features to facilitate access point discovery.
For example, it can be used to locate open access points in low Wi-Fi density
areas thanks to its sensitivity.
Interesting features include:

Display only desired protection levels (open, WEP, WPA)

Connectivity testing for open access points (including retrieval of the Google homepage)

Easy scrolling

Timeouts for out of range APs

Screenshot

History

07/11/2010 : 1.0 : improved connectivity testing, new icon

20/02/2010 : 0.6 : fix for scrolling and timeouts

18/01/2010 : 0.5.1: mode selection bugfix

09/01/2010 : 0.5 : connectivity testing, many bugfixes

02/03/2009 : 0.2 : timeouts

26/06/2008 : 0.1a : first public release

Download

Github

MIPS (MIPS IDA PluginS)

IDA, until version 5.5, didn't understand the so-called "old abi" of MIPS ELF binaries.
I wrote this IDAPython plugin which parses the ELF itself to resolve calls to external libraries.
It also handles switch tables and internal symbols. It helps a LOT while reversing embedded binaries.
It is partially based on the work of Julien Tinnes : mips.elf.external.resolution.txt.

It also includes two little Python scripts (ident_func.py and
ident_func_le.py) to identify all functions in a binary, which helps a
lot for cross references.

Screenshot

Usage

Read the documentation on top of the source

(optional) run ident_func.py

Run the plugin in IDAPython; it will ask whether you want to analyze the whole segment or just the current function

Download

MBSA Extractor

MBSA is a tool from Microsoft used to verify if your systems
are up-to-date.
My tool uses MBSA's database to download specific updates, extract them, sort them on the disk, etc.
It can be very useful to download several versions of the same file.

Usage

The tool has been designed for flexibility, and updates can be selected using many criteria.
Some valid search expressions:
CVE=CVE-2006-1234
SID=date(20041225,20060101)
KBID=147258
xpath='//Update[./ExtendedProperties/SecurityBulletinID[text()='MS06-040']]'

History

15/10/2008 : 1.0 : First public release

Download

Debian OpenSSL vulnerability

We (Raphaël Rigo, Romain Raboin and Julien Tinnes) gave a short talk at SSTIC 08
about some of the tools we wrote after the OpenSSL/Debian advisory to remotely discover vulnerable keys
in authorized_keys files, decipher SSH traffic and retrieve DSA private keys (even from non-weak keys). We also
wrote an article in French in this MISC issue.